Note that an FFI is any financial institution such as banks, credit unions, insurance companies, bond brokers or money managers. However, FATCA also impact any foreign entity (call Non-Financial Foreign Entities, NFFE) who is the recipient of a US sourced payment, and the NFFE will have to show its FATCA status. Withholding tax may also be imposed on those NFFE who does not provide information on each of their “substantial US owners”.

The FATCA essentially turns all FFIs into agents of the IRS, reporting the status of account owners who are US citizens. It is the Responsible Office (RO) who is required to make certifications to the IRS regarding compliance with FATCA. The IRS can terminate the FFI compliance agreements if the required certifications are not made and the FFI will be subject to the withholding tax. There are also penalties to pay for incorrect reporting for compliant FFIs.

You can find more information from the IRS Website.

Here are some other FATCA facts that you may not know.

• Increased Bank Fees – FFIs will need to re-engineer their business processes to meet the FATCA compliance. This means that much cost will be incurred initially and on and ongoing basis to meet FATCA compliance. The Banker’s Association of Trinidad and Tobago (BATT) estimates the cost to implement FATCA will be around US$100 million. This cost will be passed onto the customer, resulting in higher bank fees.
• New IT Investments – New information technology infrastructure and software processes will be required to capture the necessary information and securely transfer the information to the reporting agency or the IRS.
• New Legislation – New legislation is necessary to allow FATCA, especially in terms of privacy and transfer of financial data. Because of legal implications, the IRS entered in Inter-Governmental Agreements with countries to overcome those issues. Several countries have already signed IGAs with the IRS. You can find a list at this web page.
• Non-US Citizen Flagged as a US Citizen – The due diligence performed by FFIs look for US indicia, which includes an account holder having a US address and US telephone number. If you are like me and many of the T&T population, you have a Skybox address tied to your credit card.
• Business Impediments – Even if you or your FFI is FACTA compliant, if you are sending money to a vendor, or through an FFI, who is not FACTA compliant, then they may be faced with the withholding tax, preventing the business transaction from proceeding. It’s quite possible that those entities may impose a 30% premium on goods or services provided. Update: Not all income is subject to the Withholding Tax. Payments that are subject to Withholding Taxes are any payment of interest, dividends, rents, royalties, salaries, wages, annuities and licensing fees if such payment is from sources within the United States, including any gross proceeds from the sale or disposition of U.S. property of a type that can produce interest or dividends. These payments also include passthru payments.
• FATCA Offers No Returns to Signing Countries – FATCA is not expected to bring any returns to non-US countries. Agreements are being signed to simply not lose money or risk being blacklisted in one way or the other.
• FATCA Offers No Returns to the US – FATCA is expected to bring the US about US$10 Billion over a 10 year period, far more than it’s going to cost the US or the rest of the world to implement and continue the FATCA process. This implies that FATCA is unfeasible, but the US is still proceeding with it; I believe that there is more in the mortar than the pestle.
• There is a Lot of Opposition to FATCA – Just Google “FATCA illegal”, or check out the website Repeal FATCA.

Personally, I believe that FATCA should strongly opposed by everyone. I simply cannot understand how FATCA could be legal by international standards.

What is your take on FATCA? Give your comments below.

Original article: How we in the Caribbean are likely to suffer for it!'">Facts about FATCA How we in the Caribbean are likely to suffer for it!

©2025 Interxect Services Limited. All Rights Reserved.

I mentioned before that too much technology can be detrimental to your information security goals. In the insurance industry, there is something called moral hazard. Moral hazard is where an insured person takes more risks because the potential costs of such risks are taken care of by another party.

This also happens with IT security. Think about yourselves for a moment. You feel safer with anti-virus software and personal firewalls installed on your PC, and as such you may browse more “freely” on the Internet. Yes, your risks have decreased, but the additional risky behaviour – unsafe browsing in this case – may now increase your risk of being affected by malicious software.

I’ve seen this with many organisations. They’ve implemented some of the best security, but still have security breaches, by sometimes the simplest infections. This often causes them to doubt the effectiveness of the products and to then get more security products to address the perceived weaknesses. What had instead happened was the users had come to expect that they were protected from such risks. Even the IT department is sometimes lulled into a sense of security that they don’t consistently follow the required practices to keep their network secure.

So do you have a technology problem? Are you so dependent on technology that you have put yourself and your organisation at risk?

Consider the following statements:

• You think that technology is the only way that you can protect your information assets.
• You constantly purchase the newest and latest security technologies to protect your network without reviewing whether the risks they address are relevant to you, or have already been addressed.
• You have multiple technology tools that perform the same type of task, e.g. multiple anti-virus products, because “one may detect malware that the other didn’t pick up”.
• You are unaware of what your IT and business risks are and/or you cannot identify what your critical servers and services are.
• You think that as long as you are compliant to regulatory frameworks or standards your network is protected and your information is secure.
• You and your users expect technology to do it all for you.

If you’ve answered “true” to even a few of these statements, then you may have a technology problem. You should reassess your mindset and beliefs about information security before you have yourself, a moral hazard.

Original article: How more may be less!'">Is Your Data Security Technology a Moral Hazard? How more may be less!

©2025 Interxect Services Limited. All Rights Reserved.

Zeus is a malicious software application (termed malware) that is designed to steal online credentials and other personally identifiable information (PII); it is geared to stealing banking credentials and information from users.

Zeus is a trojan, so it is disguised as something ‘safe’, and usually spread by links via email, comments on websites, and through social media, especially facebook.

SMBs are particularly attractive because they have more money than the average individual and often have lax security mechanisms in place to mitigate against malicious attacks. According to Symantec in its Internet Security Threat Report 2013, the largest growth area for targeted attacks in 2012 was with small businesses. As it says, “money stolen from a small business is as easy to spend as money stolen from a large business.”

Symantec had found in an earlier survey that many small businesses are not concerned about IT security and usually believe that the data that they have holds little value to attackers.  I have also had to educate some of my clients about the risks involved if their data, or even their servers, were stolen.

The Federation of Small Businesses in the UK reported that small businesses lose £785 million to cybercrime per year. The sad thing is that many a small business would go bankrupt if an attack was successful at draining their bank accounts.

Not only small businesses should be on the alert, but many small financial institutions, such as credit unions, should be aware of the threats and risks. Many of these institutions lack the resources and infrastructure of their larger counterparts and may be ill prepared for those attacks.

So what are some of the ways that small businesses can protect themselves.

1. Have up-to-date anti-virus, anti-spyware and anti-malware software installed and running.
2. Keep your PCs updated to all the latest software and security patches.
3. Use strong passwords on banking websites. If your bank offers a hardware security token, consider getting that service.
4. Train employees to recognise and avoid suspicious emails or links. Also keep an open environment that allows employees to report if they accidently click on a link; time is of the essence for these attacks.
5. If you have any suspicions about an email or message (such as snail mail) received that purports to be from your bankers, call them using the number from the phone book to verify the information. Do not use any numbers, email addresses or internet addresses from the message to contact them.
6. Use a computer account without administrative rights.
7. Always type in the internet address of the bank into your browser. Do not click any links within emails to access the online bank.
8. Limit access to computers that will be used to access online bank applications. Also limit the applications or sites that those computers will be allowed to access to limit exposure to malicious content.
9. If you can’t dedicate a computer to access online banking, then consider using a Live CD of an operating system to just access the online banking system.

For small financial institutions:

1. Make the required investments to secure your data and network.
2. Perform regular security assessments to identify and address risks.
3. Train your employees to become more aware of security risks and what they must do to reduce those risks.
4. Educate your customers as to what they can do to protect themselves.

Online banking is a huge timesaver for many a small business and with the right checks and balances can continue to be a safe way to manage your business’ finances.

Do you have any other tips that I should have mentioned? Feel free to add them to the comments below.

Original article: SMEs and Small Financial Institutions Beware'">Zeus Malware Reboot SMEs and Small Financial Institutions Beware

©2025 Interxect Services Limited. All Rights Reserved.

A Distributed Denial of Service (DDoS) can bring the Internet services of any online business to its knees. Such downtime can cause businesses heavily reliant on the Internet to suffer some heavy financial losses.

The Survey

A recent survey carried out by Neustar, Inc. polled 1,000 IT professionals in North America from various industries about DDoS attacks. They found 300 businesses that said that they suffered at least one attack, from which 35% said that they lost more than US$10k per hour of the attack; 35% of the 300 businesses said that they suffered an attack that lasted more than 24hours.

Businesses would suffer differently depending on the sector; for example, of the 32% in the financial sector who said that they were attacked, 82% said that they lost more than US$10k per hour; compare that to the 16% in the retail sector who said that they were attacked, 67% said that they lost more than US$100k per hour.

These attacks caused negative customer experience, impacted the brand image and caused direct financial losses. It’s important to note that 25% said that they had no way to counteract the attack.

The Caribbean Connection

While it is easy to dismiss the results as being US centric and not relevant to the Caribbean, one merely has to look at the recent attacks on the T&T Government Websites. Even if you may not have online services for customers, what effect would an attack have on e-mail, Virtual Private Networks (VPN) or your own Internet browsing experience? Disruption or degradation of these services will cost your business money and may negatively impact your ability to service your customers.

Most businesses do not take Cyber-Threats seriously, but we need to change that. If we expect to compete on the global level, we need to also manage the global threats that exist; we are no longer islands in the sea.

How to Protect Yourself

A DDoS is hard to prevent, and harder to stop; the only steps you can take are evasive actions. Using techniques, such as multiple ISP links, highly-available Domain Name System (DNS), Intrusion Detection and Prevention Systems (IDS/IPS) and Operating Systems hardening, can help you to withstand an attack. Have your Incident Response Plan or Action Plan prepared to how to respond to such a threat and ensure that it is tested. Then pray that it never happens, but if it does, at least you are ready.

Original article: Cost of a DDoS

©2025 Interxect Services Limited. All Rights Reserved.